CVE-2017-15105

MEDIUM

Description

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

References

http://www.securityfocus.com/bid/102817

https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html

https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html

https://unbound.net/downloads/CVE-2017-15105.txt

https://usn.ubuntu.com/3673-1/

Details

Source: MITRE

Published: 2018-01-23

Updated: 2019-10-09

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135644 | EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2020-1482) | Nessus | Huawei Local Security Checks | medium |
| 134553 | EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2020-1264) | Nessus | Huawei Local Security Checks | medium |
| 132211 | EulerOS 2.0 SP3 : unbound (EulerOS-SA-2019-2676) | Nessus | Huawei Local Security Checks | medium |
| 131641 | EulerOS 2.0 SP2 : unbound (EulerOS-SA-2019-2488) | Nessus | Huawei Local Security Checks | medium |
| 131506 | EulerOS Virtualization for ARM 64 3.0.3.0 : unbound (EulerOS-SA-2019-2341) | Nessus | Huawei Local Security Checks | medium |
| 130656 | EulerOS 2.0 SP5 : unbound (EulerOS-SA-2019-2194) | Nessus | Huawei Local Security Checks | medium |
| 122196 | Debian DLA-1676-1 : unbound security update | Nessus | Debian Local Security Checks | medium |
| 110413 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : unbound vulnerability (USN-3673-1) | Nessus | Ubuntu Local Security Checks | medium |
| 106641 | Fedora 26 : unbound (2018-a10a19e06a) | Nessus | Fedora Local Security Checks | medium |
| 106515 | Fedora 27 : unbound (2018-69316c5b7a) | Nessus | Fedora Local Security Checks | medium |
| 106508 | Debian DLA-1264-1 : unbound security update | Nessus | Debian Local Security Checks | medium |
| 106384 | Unbound < 1.6.8 Wildcard Synthesized NSEC Records Handling Remote Validation Weakness | Nessus | DNS | medium |
| 106214 | FreeBSD : unbound -- vulnerability in the processing of wildcard synthesized NSEC records (8d3bae09-fd28-11e7-95f2-005056925db4) | Nessus | FreeBSD Local Security Checks | medium |